Worm_Netsad.A spreads by attaching a copy of itself to an email message, which it sends to target recipients using the Simple Mail Transfer Protocol (SMTP) engine mx4.mail.yahoo.com.
Aside from spreading via email, this worm also attempts to propagate via popular P2P file sharing applications, such as the following:
This worm banks on social engineering: copies of itself are named either as legitimate applications or as cracking tools for popular software applications. The file names described above are dropped in the shared folders of the above-mentioned P2P applications.
Once a target user from the same network copies and executes the said files, his/her machine is automatically infected by this worm.
This worm terminates processes that are mostly related to antivirus and security applications. It does this to prevent early detection and removal.
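For the email propagation described above, a defender can look for workstations that open SMTP connections straight to mx4.mail.yahoo.com instead of going through the site's mail relay. The following is an added example, not part of the original description; the log format, the relay address and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag hosts that talk SMTP directly to the mail server
# named in the description instead of using the site's own relay.
from collections import Counter

WORM_MX = "mx4.mail.yahoo.com"   # host named in the description above
SMTP_PORT = 25
APPROVED_RELAYS = {"10.0.0.25"}  # assumption: the site's legitimate mail relay

# Constructed sample log; assumed format: "<time> <src_ip> <dst_host> <dst_port>"
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.25 mx4.mail.yahoo.com 25
2024-01-01T09:00:04 10.0.3.17 mx4.mail.yahoo.com 25
2024-01-01T09:00:05 10.0.3.17 MX4.MAIL.YAHOO.COM. 25
2024-01-01T09:00:09 10.0.3.44 www.example.com 80
2024-01-01T09:00:11 10.0.3.17 mx4.mail.yahoo.com 25
malformed line
2024-01-01T09:00:15 10.0.5.2 mx4.mail.yahoo.com 443
"""

def normalize_host(name):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return name.strip().lower().rstrip(".")

def parse_line(line):
    """Return (src_ip, dst_host, dst_port), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    return parts[1], normalize_host(parts[2]), int(parts[3])

def direct_smtp_hosts(log_text, threshold=1):
    """Count direct SMTP connections to WORM_MX per source that is not a relay."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        src, host, port = rec
        if host == WORM_MX and port == SMTP_PORT and src not in APPROVED_RELAYS:
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in sorted(direct_smtp_hosts(SAMPLE_LOG).items()):
        print(f"{src}: {n} direct SMTP connection(s) to {WORM_MX}")
```

A hit is a lead for triage rather than proof of infection, since other software on a workstation may also send mail directly.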
Technical details can be found at this Trend Micro page.